MitreVULNRICHMENT:CVE-2022-32509CVE-2022-32509
An issue was discovered on certain Nuki Home Solutions devices. Lack of certificate validation on HTTP communications allows attackers to intercept and tamper data. This affects Nuki Smart Lock 3.0 before 3.3.5, Nuki Bridge v1 before 1.22.0 and Nuki Bridge v2 before 2.13.2.
ADP Affected
[
{
"cpes": [
"cpe:2.3:a:nuki:smart_lock_v3_pro:*:*:*:*:*:*:*:*"
],
"vendor": "nuki",
"product": "smart_lock_v3_pro",
"versions": [
{
"status": "affected",
"version": "0",
"lessThan": "3.3.5",
"versionType": "custom"
}
],
"defaultStatus": "unknown"
},
{
"cpes": [
"cpe:2.3:a:nuki:bridge_v1:*:*:*:*:*:*:*:*"
],
"vendor": "nuki",
"product": "bridge_v1",
"versions": [
{
"status": "affected",
"version": "0",
"lessThan": "1.22.0",
"versionType": "custom"
}
],
"defaultStatus": "unknown"
},
{
"cpes": [
"cpe:2.3:a:nuki:bridge_v2:*:*:*:*:*:*:*:*"
],
"vendor": "nuki",
"product": "bridge_v2",
"versions": [
{
"status": "affected",
"version": "0",
"lessThan": "2.13.2",
"versionType": "custom"
}
],
"defaultStatus": "unknown"
}
]References
latesthackingnews.com/2022/07/28/multiple-security-flaws-found-in-nuki-smart-locks/
nuki.io/en/security-updates/
research.nccgroup.com/2022/07/25/technical-advisory-multiple-vulnerabilities-in-nuki-smart-locks-cve-2022-32509-cve-2022-32504-cve-2022-32502-cve-2022-32507-cve-2022-32503-cve-2022-32510-cve-2022-32506-cve-2022-32508-cve-2/
www.hackread.com/nuki-smart-locks-vulnerabilities-plethora-attack-options/
Related
AI Score
Confidence
Low
SSVC
Exploitation
none
Automatable
no
Technical Impact
total